Who's watching you online and how to stop them

Internet Security
Incognito browsing might stop people at home seeing your browser history, but do you know who else is watching?

Whenever you do something online, somebody is watching you. That somebody isn't just the owner of the site or service you're connecting to; it could be your ISP, your favourite social network, one of many advertising companies or the security services.

You don't need to be paranoid or hiding from the NSA to worry about how much information you're sharing online, though. A few minutes with the Lightbeam extension for Firefox will give you plenty to worry about. For example, on a typical newspaper website we said hello to some 31 different third party sites and services: analytics firms, advertising firms, social networks, advertising firms, font providers and advertising firms.

Firefox's Lightbeam

Firefox's Lightbeam extension shows just how many different trackers are watching you browse

Those sites aren't necessarily doing anything wrong or worrying, in many cases they're just interested in dull but useful detail such as how people arrived at the website and what browser they're using. But if you'd rather not share your non-Facebook browsing with Facebook, or have airline sites or retailers adjust their pricing based on your recent browsing, it's relatively easy to cover your tracks.

In some cases there's an extra benefit too, because blocking the various trackers can also disguise where in the world you are - which means you can bypass geo-blocks to see content that isn't supposed to be available in your country.

Watching the watchers

In an ideal world your web browser's private browsing mode and do not track toggle would stop firms from tracking you, but the web doesn't work that way. Every social media share button, every advert, every embedded video has the potential to contribute towards a very detailed picture of your online activities, and if you don't want that to happen you need to block them.

One of the most effective blocking tools is Ghostery, a free plugin for Safari, Firefox, Opera and Chrome as well as Android and iOS. Once installed Ghostery detects known trackers - it knows of more than 1,900 - and enables you to block them. You can customise the kind of trackers it blocks, so for example you might block ad networks but keep social media sharing buttons, and where useful content such as video is blocked you can enable it with a click.

What makes Ghostery particularly good is the information it provides - so rather than just telling you that a site connects to X Network, it tells you what X Network is, what data it collects and what it does with it. That can be quite eye-opening: for example Google's DoubleClick ad network collects not just anonymous data such as hardware type and browser information but IP addresses, search histories, device IDs and phone numbers.

Tor and Tails

Ghostery is very good at what it does, but its powers are limited to web browsing: it doesn't protect other kinds of connection and it doesn't encrypt your traffic to prevent others from intercepting it. For that you'll need a VPN (Virtual Private Network), and there are plenty of options ranging from simple and free to paid-for products that come with enterprise-level security.

One of the most popular free VPN options is Hotspot Shield Free (Windows, Mac, iOS and Android), which offers unlimited use in exchange for advertising. If the ads annoy you can get and annual subscription to the ad-free Elite version. VPNs are particularly popular with business users who don't want their top-secret plans falling into the wrong hands.


Tails is a bootable Linux distribution designed for footprint-free internet use [Silicon/Wikipedia CC BY-SA 3.0]

A VPN is probably more than adequate to protect most people's privacy, but if you're wanted by the NSA, like whistleblower Edward Snowden, then you might want to go for his preferred operating system, Tails. The acronym stands for The Amnesiac Incognito Live System, and it's designed to facilitate perfectly private online browsing. It runs from a USB drive, DVD or SD card and won't leave any traces online or on your computer unless you explicitly tell it to.

Tails is based on the Tor network, which in turn is based on a project by the US Naval Research Laboratory. It uses a technique known as onion routing - Tor stands for The Onion Router - to create a distributed, anonymous network that's very good at keeping data private. If Tails seems a bit excessive you can just download the Firefox-based Tor Browser Bundle for Windows, OS X or Linux, or the Orbot app for Android.

One word of warning: we know from the Snowden reports that using Tor is seen by the security services as a reason to check someone out. If you don't have something to hide, the reasoning goes, then why would you want to keep your communications private? If you're an international man or woman of mystery you might want to bear that in mind.

Not so smart phones

There isn't much point in securing your home or business network if you tote a smartphone around: phones' basebands, the software that controls the radio hardware, is notoriously insecure - and that's before you start installing apps that in many cases turn out to be leakier than a sieve.

There are some exceptions, though, and those exceptions include Silent Circle's apps for encrypted texting, phone calls, video calls and file transfers: the firm's founders include Phil Zimmermann, creator of PGP, and Jon Callas, one of the world's top cryptographers. The service starts at $9.99 per month for personal use.

We know what you're thinking: wouldn't it be even better to run secure apps on a secure phone? Silent Circle has thought of that too, and its Blackphone runs a new, Android-based OS called PrivatOS as well as the Silent Circle apps. Dubbed the world's first spy-proof smartphone, the $629 Blackphone sold its first batch in a heartbeat and the first customers will receive their phones in June 2014.